This document provides comprehensive information on the Unified
Extensible Firmware Interface (UEFI) boot loader for the Intel Stratix 10 SoC.
The Intel Stratix 10 SoC provides a secure boot flow,
The boot ROM
The secure device manager (SDM)
The Secure Monitor
The UEFI boot loader
The Intel Stratix 10 SoC secure boot flow ensures that
the system boot loader is signed with a cryptographic key, validated by the firmware.
The Secure Monitor stage also implements the TrustZone
model of secure partitioning. This model divides the software
environment into two isolated partitions, called the secure world and the non-secure world.
The two worlds can only communicate with each other through the Secure Monitor.
The binary image of the UEFI boot loader can be stored on Quad SPI flash, NAND
flash, or an SD/MMC card. On board power-up, the secure device manager (SDM) loads the
Secure Monitor directly into the Hard Processor System (HPS) on-chip RAM.
Then the Secure Monitor loads the UEFI boot loader into HPS DDR memory.
Initializing DDR SDRAM memory
Configuring low-level hardware, such as PLL, IOs, and pin MUXes, needed
by non-secure world software
The UEFI boot loader tasks include:
Providing Ethernet support
Supporting basic hardware diagnostic features
Fetching subsequent boot software such as the operating system package or
Note: For non-secure boot, the operating system
package can include kernel image, device tree blob and filesystem. For secure boot it can be a
Figure 1. UEFI Boot Flow Overview
To load and execute the Intel Stratix 10 SoC
Unified Extensible Firmware Interface (UEFI) boot loader, your system must meet the
Minimum Hardware Requirements
Windows PC or Linux workstation with the following configuration:
Tera Term for
card slot or
card writer or SD capable writer with SD to
Table 1. Platform Capabilities
Able to compile the UEFI boot loader
Able to compile the Secure Monitor
Minimum Software Requirements
Intel® SoC FPGA Embedded
Development Suite (SoC EDS)
Linaro aarch64-linux-gnu-gcc toolchain version 4.8.3 20140401
are available for the
Stratix® 10 SoC. A virtual
platform enables you to develop and test software before target hardware is
following virtual platforms are available for the
Stratix® 10 SoC:
Wind River Simics*. The Simics* virtual platform is available under license, free of
charge. To get the Simics* virtual platform and documentation, contact Wind River at
As security becomes more and more important, a secured boot solution
becomes a requirement in the embedded world. To ensure comprehensive security and a
trusted platform, secure partitioning is required. The Intel Stratix 10 device achieves secure partitioning by implementing the TrustZone
Trusted Firmware (ATF). The TrustZone
model splits the computing environment into two isolated worlds, the secure world and
normal world, which are linked by a software monitor called the Secure Monitor. The two
worlds have separated logical address space and peripherals. Communication between the
two worlds is only possible by calling the privileged Secure Monitor call (SMC)
The full secure boot solution is:
Secure Device Manager
Secure Monitor mode is a privileged mode and is always secure regardless
of the state of the NS bit. The Secure Monitor is code that runs in Secure Monitor mode
and processes switches to and from the Secure world. The overall security of the
software relies on the security of this code along with the Secure boot code.
Note: You must
enable debugging for GCC 4.8. You can disable debugging for GCC 4.9 and
The following messages appear when the ATF build is successful:
The table below lists the Secure Monitor output files.
Table 2. Descriptions of Secure Monitor Files
File Path and Name
Generated binary file
Generated elf file
Generated debug binary file
Generated debug elf file
Note: The first two files in the
table above are generated if you run make
PLAT=stratix10 without the DEBUG option.
Building the UEFI Boot Loader
To build a UEFI boot loader, you
obtain the UEFI
source code and compile the UEFI source with the supported toolchain.
The Unified Extensible Firmware Interface (UEFI) is a standardized firmware specification
that simplifies and secures platform initialization and firmware bootstrap operations. UEFI is
currently developed and supported by representatives from more than 250 industry-leading
and the Linaro Enterprise Group are also
promoting the use of UEFI on
architecture, because the UEFI
specification helps standardize the boot process for
UEFI technology is future-proofed through standardization of firmware design rather than
proprietary firmware design. UEFI specifications promote business and technological
efficiency, improve performance and security, facilitate interoperability between devices,
platforms and systems and comply with next-generation technologies. The UEFI specification is
peer-reviewed and published, allowing developers to write firmware once per platform and reuse
it without much modification. This reuse results in cost and time savings during boot loader
This framework uses the BSD license, permitting you to optionally commercialize your
implementation with minimal legal issues.
You can compile the UEFI source code on either a Windows or a Linux system.
the UEFI requires additional Linux packages. Depending on your
Linux distribution, the command to install the packages is different:
If you are using an Ubuntu distribution, type:
$ sudo apt-get install uuid-dev build-essential
If you are using a Fedora distribution, type:
$ sudo yum install uuid-devel libuuid-devel
Building UEFI requires the Python package.
If Python is
not already available on your system,
the commands from the SoC EDS Embedded Command Shell provide the required Python
Obtaining the UEFI Source Code
The UEFI source code is located in GitHub. The following steps show you how to get the UEFI
When completed, change to the uefi-socfpga folder and perform a
$ cd uefi-socfpga
$ git checkout -t -b test_uefi origin/socvp_socfpga_udk2015
Compiling the UEFI Source Code with the Linaro Tool Chain
compile the UEFI source code with the Linaro toolchain in a
Open the command prompt.
Go to your working directory and set
SOCEDS_DEST_ROOT to the location of your SoC
$ cd <your_working_directory>\uefi-socfpga
$ set SOCEDS_DEST_ROOT=<your_SOCEDS_location>
Set the GCC path to the location of the compiler toolchain.
$ set PATH=<your_Linaro GCC Toolchain_location>;%PATH%
If you encounter a
GCC error while compiling the UEFI source code after
setting the path, you can edit the setup.bat file manually and enter the following
line so that the build uses the full compiler path.
set GCC48_AARCH64_PREFIX=<your working directory>\uefi_17v0_window\gcc-linaro-aarch64-linux-gnu-4.8-2014.04_win32\bin\aarch64-linux-gnu-
Run the setup command.
Build the UEFI by entering the following command:
$ make device=s10
The command prompt displays
Figure 2. Command Prompt Display
This section explains how to compile the UEFI source code with the Linaro
toolchain in a Linux system:
Open a terminal and enter the following command:
$ cd <your_uefi_directory>/uefi-socfpga
$ export PATH=<your gcc directory>/\
Clean the entire <your_uefi_directory>/uefi-socfpga/Build/ folder and
folder by entering the following command:
$ make clean
Compile the UEFI boot loader for the Intel Stratix 10 SoC device by entering the following command:
$ make DEVICE=s10
Your terminal displays a "Build Done" message when
the UEFI is successfully compiled.
UEFI Generated Files
Compiling the UEFI source code creates the following files in the /uefi-socfpga/Build/Stratix10SoCPkg/RELEASE_GCC48
Table 3. UEFI Generated Files
is the UEFI Pre-EFI Initialization (PEI) phase image which acts as a
second stage boot loader. This file is programmed onto the flash
This is the DS-5 script template. It is imported to the DS-5 tool and
loads the UEFI firmware for debug and development purposes. This
script loads the debug
supports the GCC compiler. ARMCC is not
This file loads the optional second stage of the UEFI boot loader when
you want to boot the UEFI shell and utilize the TFTP feature or run
a UEFI application.
Running UEFI on Intel Stratix 10 Hardware
Running on a Physical Board with ATF and UEFI Bootloader
This section describes how to run the Secure Monitor on a physical
Generate a .sof file with ATF
Get a .sof file from the
$SOCEDS_DEST_ROOT installation directory.
Convert the binary file bl31.bin, generated in
Building the BL31 Image.
This section describes how to load ATF and the UEFI bootloader to the
physical board through the DS-5 debugger.
Launch Eclipse by using the following command:
$ eclipse &
Switch to the DS-5 Debug perspective as follows:
Create an S10 Separate JTAG DSTREAM debug configuration as shown in
the following figure.
Connect to the target when the configuration is complete.
At the DS-5 command console, run the following commands:
$ restore <Path to bl31.bin> binary 0xffe00000
$ set var $pc=0xffe00000
If semihosting is enabled in platform_def.h for
building the bl31 image, you must also enable it in DS-5 with the command set semihosting enable true before the command
continue to continue the boot up
This step loads the ATF to the board and continues the boot
up process. It loads PEI.ROM and DXE.ROM from SDMMC automatically.
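A pre-load check for the semihosting rule above, as an added example (not part of Intel's guide or the ATF sources): it reports whether an uncommented PLAT_SEMIHOSTING_ENABLE define, the macro this guide sets in platform_def.h, is active in a header, so the DS-5 session can be set to match the bl31 build and a debugger-only setting is noticed before an image is built for other use. The function names and the sample headers are assumptions made for the example.

```shell
# Added example, not Intel's code. Macro name is from the guide; sample headers are constructed.
MACRO=PLAT_SEMIHOSTING_ENABLE
# Return 0 if an uncommented "#define MACRO" exists, 1 if not, 2 if unreadable.
# Only // and /* */ comments are stripped; #if/#ifdef regions are not evaluated.
semihosting_enabled() {
    [ -r "$1" ] || return 2
    awk -v m="$MACRO" '
    {
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_c) {                       # inside a block comment
                i = index(line, "*/")
                if (i == 0) break
                line = substr(line, i + 2); in_c = 0
            } else {
                i = index(line, "/*"); j = index(line, "//")
                if (j > 0 && (i == 0 || j < i)) { out = out substr(line, 1, j - 1); break }
                if (i == 0) { out = out line; break }
                out = out substr(line, 1, i - 1); line = substr(line, i + 2); in_c = 1
            }
        }
        if (out ~ ("^[ \t]*#[ \t]*define[ \t]+" m "([ \t\r]|$)")) found = 1
    }
    END { exit(found ? 0 : 1) }' "$1"
}

# Print what the DS-5 session needs, following the rule stated in the guide.
ds5_hint() {
    rc=0; semihosting_enabled "$1" || rc=$?
    case $rc in
        0) echo "enabled: run 'set semihosting enable true' before 'continue'" ;;
        1) echo "disabled: no semihosting define is active" ;;
        *) echo "error: cannot read $1" ;;
    esac
}

# Constructed sample headers: one debug-style, one with the define neutralised.
write_samples() {
    printf '%s\n' '/* constructed */' '# define PLAT_SEMIHOSTING_ENABLE' > "$1/debug.h"
    printf '%s\n' '// # define PLAT_SEMIHOSTING_ENABLE' \
        '/* #define PLAT_SEMIHOSTING_ENABLE' '   #define PLAT_SEMIHOSTING_ENABLE */' \
        '#define PLAT_SEMIHOSTING_ENABLE_LOG 1' > "$1/release.h"
}

demo=$(mktemp -d)
write_samples "$demo"
for f in debug.h release.h; do echo "$f -> $(ds5_hint "$demo/$f")"; done; rm -rf "$demo"
```

To check a real tree, pass the path of the platform_def.h named in this guide to ds5_hint instead of the sample files.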
If you want to use the debugger to load PEI.ROM and DXE.ROM to memory,
modify the configuration in your platform_def.h
file and bl31_plat_setup.c file before building
the bl31 image.
Open the platform_def.h file
located in arm-trusted-firmware/plat/intel/soc/stratix10/platform_def.h and
enable semihosting as follows:
# define PLAT_SEMIHOSTING_ENABLE
Open arm-trusted-firmware/plat/intel/soc/stratix10/bl31_plat_setup.c and
comment out the line shown below: